World Security

Dear Group,

I am currenty working on a project to reinstitute Security. The original setup is now obsolete and with the number of new menus and users which don't have any security I think it would be easier to start over then to rebuild. Does anyone have any advise on this project or helpful documentation? I have reviewed the JDE Manual which gave me a descent overview but I dont think I am completely there yet. I have searched the Knowledge Garden and the archives here and have found very little.

If any one has any policies or proceedures that your company would be willing to share that would be deeply appricated.

I would like to thank everyone in advance.

Shane

Shane,

The goal should be to implement Action Code security to *PUBLIC *ALL NNN,
AND a full review of the function key requirements for each video
(especially things like Payee Control, which aren't action code secureable).
Menu security can be a nightmare, depending on how you've set the menus.
Don't forget to secure the hidden commands too.

In order to reach this you really need to know what your user base actually
does, and what access it needs to perform the day to day duties.

It's a great help if you've used User Classes. If not, it can be a long
trawl, depending on the size of the User base.

If you want to take this off line, I'm willing to share with you our
approach, which seems to work.

Regards,

Steve Shipp

(44) 161 246 3530

Wish I had some compelling information for you but as we all know, every company is different. My first suggestion is to keep it as simple as possible. In our instance, even though you can invoke 5 different levels of security on menus and people, we have been able to safely use just one level with success. Also use group security where you can.

As for the menus, I have found it easiest to use an Update World Writer to update "mass: sets of menus for the authority level. For example, all the G9* menus to us are for developers and security only so we have all of them set to 0. Any systems that are not used and you have menus for, also set to 0. In our case, we have all "payroll and HR" people at a certain security level so we can also quickly set all the G07 and G08 menus to that same level.

Use Menu Travel authority sparingly if you can and that sort of plugs another hole that if someone can't get there by poking menu options, then they can't accidentally get there by trying to "Menu Surf". Fast Path's can be helpful as well.

And of course you have all sorts of functionality with BU Security, Action Code Security and Function Key Security! If you haven't already, I would try to "group" your users first and work on security level(s) for them. Then attack the menus. "Over" secure if not sure and wait for the phone call about it. Better to over secure first back things up and review "why" afterwards. I would rather have someone call and say "I can't get into the Employee Master" and me call their supervisor and make sure it is in fact OK for them to do so. Another thing that has helped is that every company loses people so we have a "Access Request" form that has to be filled out before we let them in JDE. Instead of asking what "level" they should be, we essentially ask "are they just like someone else and performing the same job?" We are then able to quickly setup the new person just like so-and-so because we already know that person has verified security level.

And lastly (bored yet?), be sure to use *PUBLIC to do your "mass securing" of things such as BU, Action Code, and Function Key Securities. Again, much easier to take things away from everyone, then determine who SHOULD be able to do that function than assume people just can't do things based on menu/user level security. Ok, I'm done now.